Clean up Security Best Practices
Some of the guidance under "Best Practices", was either out date, or vague and inconsistent with newer guidelines like the "Password Policy". I've also attempted to crosslink more with other relevant policies and actual requirements where there now are some, like the internal Acceptable Use Policy (AUP).
New items:
- Enable host firewall on macOS
- Install other security software, such as anti-virus
- Reasoning for not requiring VPN usage and not prioritizing a corporate VPN solution
cc @gitlab-com/gl-security/secops @gitlab-com/business-ops/itops @mloveless @gitlab-rmitchell @gitlab-com/gl-security/compliance
Edited by Antony Saba